Lucid LDAP
8/8/2019 Lucid Ldap
http://slidepdf.com/reader/full/lucid-ldap 1/4
In my previous LDAP server howto we used 8.04 Hardy Heron. Things have changed quite a bit since then, so I have updated my procedure. Most of this is just a reproduction of the Ubuntu Docs page for LDAP (see the references at the end of the article for a link).
PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)
PREREQUISITES:
* A standard vanilla Ubuntu 10.04 server install.
* An NFS server exporting the users' home directories
Network overview:
* domain name: example.com
* ldap-server 10.1.1.5
Install The Packages
We want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities:
sudo apt-get install slapd ldap-utils
Notes:
By default slapd is configured with minimal options needed to run the slapd daemon.
The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be dc=example,dc=com.
Populating the server
Notes:
OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc. without stopping the service.
The backend cn=config directory has only a minimal configuration and will need additional configuration options in order to populate the frontend directory. The frontend will be populated with a "classical" scheme that will be compatible with address book applications and with Unix Posix accounts. Posix accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc.
* For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details.
* Remember to change dc=example,dc=com in the following examples to match your LDAP configuration.
First, some additional schema files need to be loaded. In a terminal enter:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
Next, create an LDIF file:
vi ~/backend.ldif
with the following contents:
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=tuxnetworks,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=tuxnetworks,dc=com
olcRootPW: mypassword
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read
* Change olcRootPW: mypassword to a password of your choosing.
* Change dc=example,dc=com to suit your own domain details.
Now add the LDIF to the directory:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
The frontend directory is now ready to be populated. Create a frontend.ldif file:
vi ~/frontend.ldif
Enter the following contents, once again making the necessary changes to suit your own network:
# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server

# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword

dn: ou=people,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: brettg
sn: Glasson
givenName: Brett
cn: Brett Glasson
displayName: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
gecos: Brett Glasson
loginShell: /bin/bash
homeDirectory: /home/brettg
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
postalCode: 31000
l: Melbourne
o: tuxnetworks
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: BG

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
Notes:
In this example the directory structure, a user, and a group have been set up. In other examples you might see objectClass: top added in every entry, but that is the default behaviour so you do not have to add it explicitly.
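Both backend.ldif (olcRootPW and the olcAccess rules) and frontend.ldif (the two userPassword values) above carry passwords as cleartext strings. The following is an added example, not code from this page or from the Ubuntu docs: a small LDIF reader that flags password attributes lacking a {SCHEME} prefix (slappasswd -s prints an {SSHA} value you can paste instead) and any userPassword ACL that does not end in "by * none". SAMPLE_LDIF is constructed here in the shape of those two files; the hash in it is a placeholder, not a real digest.

```python
import re

# Constructed sample shaped like the backend.ldif / frontend.ldif entries above (placeholders, not the page's files).
SAMPLE_LDIF = """# Database settings
dn: olcDatabase=hdb,cn=config
olcRootPW: mypassword
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write
  by anonymous auth by self write by * none

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: posixAccount
userPassword: {SSHA}placeholder-not-a-real-digest
"""

PASSWORD_ATTRS = ("olcRootPW", "userPassword")
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")  # {SSHA}, {CRYPT}, ... as slappasswd emits


def parse_ldif(text):
    """Minimal LDIF reader: unfolds RFC 2849 continuation lines (leading space),
    skips '#' comments and splits entries on blank lines. '::' base64 values
    are not decoded, which is enough for the files in this howto."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:  # the "" sentinel flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip(), []).append(value.strip())
    return entries


def audit(entries):
    """One finding per cleartext password value or weak userPassword ACL."""
    findings = []
    for entry in entries:
        dn = entry.get("dn", ["<no dn>"])[0]
        for attr in PASSWORD_ATTRS:
            for value in entry.get(attr, []):
                if not SCHEME_RE.match(value):
                    findings.append(f"{dn}: {attr} is cleartext; use a slappasswd -s hash")
        for rule in entry.get("olcAccess", []):
            # Clauses are tried in order; the rule for userPassword must end by denying everyone else.
            if "attrs=userPassword" in rule and not rule.endswith("by * none"):
                findings.append(f"{dn}: userPassword ACL does not end with 'by * none'")
    return findings
```

Run audit(parse_ldif(open("backend.ldif").read())) before each ldapadd; on the sample it reports only the cleartext olcRootPW.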
Add the entries to the LDAP directory:
sudo ldapadd -x -D cn=admin,dc=tuxnetworks,dc=com -W -f frontend.ldif
We can check that the content has been correctly added with the ldapsearch utility. Execute a search of the LDAP directory:
ldapsearch -xLLL -b "dc=tuxnetworks,dc=com" uid=brettg sn givenName cn
This should return something like this:
dn: uid=brettg,ou=people,dc=,dc=com
cn: Brett Glasson
sn: Glasson
givenName: Brett
Next, you should go ahead and install phpLDAPadmin, add Samba support, or configure a client.
References:
Ubuntu Docs